Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Patents

SCC Statement on SELinux Patent Issues 65

Hawke writes "Secure Computing has announced a Statement of Assurance that they will not use the patents in question to limit the availability of SELinux. They continue to say: 'However, Secure Computing does not extend the Assurance to software that merely interoperates with SELinux, or is merely included with a distribution of SELinux.'" The original story was here.
This discussion has been archived. No new comments can be posted.

SCC Statement on SELinux Patent Issues

Comments Filter:
  • Nor.... (Score:3, Insightful)

    by Captain Pedantic ( 531610 ) on Saturday July 27, 2002 @07:48AM (#3963899) Homepage
    can they guaranty that they won't be bought out by someone who wants to exploit the patent (eg Forgent).

    Software Patents: Don't do them kids.
    • Re:Nor.... (Score:4, Interesting)

      by rusty0101 ( 565565 ) on Saturday July 27, 2002 @08:23AM (#3963964) Homepage Journal
      In their Statment of Assurance, they specifically allow that they may license, sell or re-assign any or all rights to a third party, who is not and would not be bound by the Statement of Assurance.

      Basically this means that the parts of SELinux that they have a patent on, are free of licensing restrictions, so long as the distribution continues to be SELinux (you are free to modify it and re-distribute under the same name) and so long as they have not reassigned those rights on the patent to a third party.

      Forgive me if I seem a bit less than touched by the assurance, but this assurance seems to me to be exceedingly self serving, and no assurance of anything.

      -Rusty
      • They are not even bound by the statement of assurance. Its not a legal document which forbids them from doing things they deem necessary for the survival of their company.

        People are typically ok dudes when all is well, but when times get hard they even break the real laws, so this assurance is meaningless to me.

        Its like buying a gun and assuring everyone you will never use it.
    • Re:Nor.... (Score:4, Interesting)

      by anonymous cowfart ( 576665 ) on Saturday July 27, 2002 @08:40AM (#3963992) Journal

      Last year in a show of how easy it was to disrupt and abuse the patent process by registering a common, every-day idea a Melbourne lawyer patented a "circular transportation facilitation device" [bbc.co.uk] with more info on the story here, [theage.com.au] here [ipmenu.com](pdf file), and here [harvard-magazine.com]

      Obviously it's too easy to get things patented these days, especially in areas of high technology as few if any patent officer workers are well versed in the areas of technology. Most of the patent office stampers would have little inclination as to how an intigrated circuit works or if an item of software recently designed is any different or unique from any other piece of similar software.

      Sure, it's nice to be able to patent and protect your inventions and innovations, but when most of today's patent holders are larger corporations, it's hardly meant to protect the garage inventor anymore.

    • Re:Nor.... (Score:5, Interesting)

      by Alan Cox ( 27532 ) on Saturday July 27, 2002 @11:40AM (#3964476) Homepage
      Its actually useless. It allows them to sell it to a friend, sue everyone and buy their patent back one afternoon. The exemption excludes authorizing applicaitons or protocols (ie everything NSALinux does)

      Utterly cynical. However it demonstrates how bad the US patent problem is. Even the NSA, the US ultimate investigative and spook agency can't get patent stuff sane. So now the US government has written a security system that only foreign governments can profit from due to bad USSA law and poor planning.

      Its a pity Americans don't understand irony...
      • I think most Americans agree the patent system is no longer working as intended. The problem is there is no agreement on what to do to fix this problem. The NSA like all federal agencies cannot be sued without the specific consent of congress.
        • Most Americans? HA! Sorry, I agree with what you're saying, accept for the part where you say most Americans agree with you and me too. Slashdot is not representative of "most Americans". Most Americans DO NOT have any problem with the patent system and they think it's the perfect model for open market capitalism...
  • by Tony Hoyle ( 11698 ) <tmh@nodomain.org> on Saturday July 27, 2002 @07:53AM (#3963908) Homepage
    The GPL states that as long as I put my own code under GPL I can use any other GPL code without restriction - thus enforcing the freedom of free software.

    Patents directly nullify this - with SELinux I can't modify it and make my own distro, or take the good bits of the code and use it in my own GPL project... making SELinux essentially proprietary.
    • "Patents directly nullify this - with SELinux I can't modify it and make my own distro, or take the good bits of the code and use it in my own GPL project... making SELinux essentially proprietary."

      Not entirely true. As long as SELinux refrains from enforcing the patent or collecting royalities you can make your own distro. The problem is you can do it today but there is nothing in the bogus statement that would prevent them from changing their minds tomorrow.

      The only way you and any people who use your distro or SELinux's distro would be safe is if they included a non exclusive license that insured royality free use and redistrubition rights. The statement clearly states they aren't licensing the Patents, so any redistrubition could be hazzardous to your finical health in the future.

      It dosen't seem to violate the letter of the GPL, but it makes a mockary of the spirit of the License, and I hope The FSF closes this loophole ASAP

    • Okay.. so say they are distributing a derivitave GPL work that is patent encumbered.

      Then one day the company changes hands, and the new owners want to enforce the patent.

      They would have just negated theri ability to distribute the code in the first place, as, under the GPL, tehy have no right to do this if it's encumbered.
  • If they won't gonna use the patents, why have they filed for them in first place ?
    Competitors aren't an argument because the publishing of the sources of SELinux according to the GPL would count as prior art.
    Did they want to troll RMS and Anal Cox or what else ?
    Or is this statement just a scam ?
    • Well its pretty obvious
      "why do they release this statement?"
      If they dont ppl avoid SElinux,
      but now people wont really avoid it.. and once it becomes common they can actually hold ppl to ransom.

      This is called corporate skills. This is what is taught in a B'School. I have friends from B'school and they tell me ethics are passe do anything to get marketshare!

      So its pretty simple here, and i wont be using it unless those patens vanish *sigh*
  • The MS'ian Loophole (Score:3, Interesting)

    by Anonymous Coward on Saturday July 27, 2002 @08:15AM (#3963949)
    The following paragraph totally voids the whole thing. It also would create a terribly dangerous submarine patent.

    ===
    No Third Party Restrictions.
    This Statement of Assurance is made by Secure
    Computing alone, and does not bind or obligate any other person or party. Secure
    Computing may license or otherwise transfer any or all of its rights in the Subject Patents,
    including the Subject Patent Rights, without any restriction or condition. The recipients
    of such rights are not bound by this Statement of Assurance, and may assert any rights
    acquired from Secure Computing without any limitation or restriction.

    ===

    If the patents are transfered, they can then be enforced. Any existing distributions and installations of SELinux will become subject to unilateraly imposed lisence and royalty fees imposed by a new owner.

    No way is this:
    "Our assurance is subject to certain limitations that we believe are consistent with the spirit of open source. "

  • No License (Score:5, Insightful)

    by thales ( 32660 ) on Saturday July 27, 2002 @08:17AM (#3963955) Homepage Journal
    The Statement of Assurance explictly states that they aren't licensing the Patents to SELinux users. This places the statement in the same catagory as propriatary EULAS that contain a clause allowing them to change the license terms at any time.

    It's just a PR move. There is nothing that would prevent SELinux from modifying or abbandoning this statement at any time. It provides no protections to users if SELinux is sold, or the Patent sold. They can even grant a third party a license that would enable the third party to collect the license fees that SELinux is pretending to abbandon.

    The level of dishonesty shown by this statement has lowerd my leval of trust in SELinux, and made me more unlikely to use the software on a personal basis and reinforced my view that it would be a mistake to use SELinux in a commerical setting.

    • Re:No License (Score:3, Insightful)

      by Rogerborg ( 306625 )

      +lots, insightful, and the exact same situation applies to the Red Hat patents, or any patents owned by "friendly" companies who's friendship stops just short of giving explicit licenses.

      Just because Secure Computing and Red Hat have agreed not to press their patents under certain circumstances doesn't mean that the patent isn't still a sword of Damocles. Indeed, this "Assurance" isn't very assuring at all, as it makes it very clear that the patent can be sold at any time, with no restrictions on the purchaser.

      Companies change. Their directors change. They find a sudden need for money. They go bust, and when they do, their patents are sold to the highest bidder by the liquidators, and their good intentions are ignored.

      Consider what would happen if Secure Computing and/or Red Hat went bankrupt? Could the FSF outbid Microsoft for the patents? I very much doubt it.

      • Re:No License (Score:5, Insightful)

        by thales ( 32660 ) on Saturday July 27, 2002 @09:05AM (#3964056) Homepage Journal
        "To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all"
        from the GPL Preamble

        The FSF has failed to take the chilling effect of an unlicensed unenforced patent into consideration. As long as Red Hat and SELinux don't enforce patents on GPLed software they are in compliance with the GPL, but the danger that the patent could be enforced at some future date makes it risky to make a derritive work based on patented GPL software, or even to redistrubite it. The practice clearly goes against the spirit of the GPL.

        The GPL needs to be modified so that there is a ban on including any patented code unless it also includes a royality free license with redistrubition rights. Simply refraining from enforcing patent rights (for now) does nothing to insure that users will retain the right to redistrubite and modify in the future.

  • type enforcement (Score:4, Informative)

    by Alien54 ( 180860 ) on Saturday July 27, 2002 @08:21AM (#3963960) Journal
    You can find information on type enforcement here:

    http://www.securecomputing.com/index.cfm?sKey=738 [securecomputing.com]

    As it turns out, this is the problem child. SCC has a patent on this technology, and seems to have used it in SE Linux

  • by Vicegrip ( 82853 ) on Saturday July 27, 2002 @08:23AM (#3963962) Journal
    number: 4,6211,231

    It doesn't exist in any of the searches I made .... maybe I made a mistake.
    • It doesn't exist in any of the searches I made .... maybe I made a mistake.

      Someone made a mistake, but it wasn't you. The right number is 4621321. I wonder if the mistake was intentional, so they could later enforce that patent and claim they're still in compliance with their statement. That doesn't make much sense, but I guess it isn't impossible.

  • To sum up (Score:4, Funny)

    by flacco ( 324089 ) on Saturday July 27, 2002 @08:26AM (#3963970)
    So, let's see - an operating system produced by the NSA, with the threat of future patent claims on its core technology.

    Where do I sign up?

    • Re:To sum up (Score:4, Interesting)

      by Anonymous Coward on Saturday July 27, 2002 @10:08AM (#3964198)
      So, let's see - an operating system produced by the NSA, with the threat of future patent claims on its core technology.

      Please don't start this again. Paranoia over the nation's most powerful spy agency aside, Security Enhanced Linux has introduced a myriad of useful security ideas into the Linux world. SELinux uses type enforcement and role-based access control to secure the operating system from the ground up; instead of relying on applications to perform their own security, SELinux ensures that programs only have access to the system resources that they SHOULD have, and nothing more.

      Furthermore, a presentation of SELinux by NSA officials at the 2.5 Linux Kernel Summit in March 2001 spurred Linus to propose an idea that has come to be the Linux Security Module, which will hopefully make it's way into the 2.5 kernel eventually. Under this system, and security module, not just SELinux, can be quickly loaded into the Linux kernel to provide whatever kind of security the user desires.

      The fact that SCC has issued this statement, however cryptic, is a huge step in the right direction for the Linux world, and perhaps the entire UNIX world. It ensures the current development of SELinux by the NSA and its contributers, and allows Linux users to employ one of the more secure operating system implementations out there.

      The National Security Agency has been making good strides towards making better public relations, and SELinux would appear to be a good weapon in giving them a better public image. If still paranoid, just download the source and view it yourself; it's not huge, and it's very clean-cut and understandable.
  • by 3seas ( 184403 ) on Saturday July 27, 2002 @08:33AM (#3963984) Homepage Journal

    Seems to me they are confused. FreeSoftware supporters will limit their
    use of SELinux and that inturn will Limit ..... well let's just say they
    can expect limited use of it, regardless of what dillusions they speak.
  • Pantents (Score:2, Interesting)

    by attobyte ( 20206 )
    If a company releases the source to something that was patented under the GNU can the enforce it later?

    They licensed it to us to use as we see fit, just as long as we release the source, right?

    Mike
  • by AgTiger ( 458268 ) on Saturday July 27, 2002 @08:59AM (#3964046) Homepage
    1. Three patent numbers are mentioned. Okay, fine... I'll look those up later, it's enough (for now) to know that Secure Computing claims they exist.

    2. Non-Assertion section. "Subject to the limitations described in this Statement of Assurance, Secure Computing will not assert the Subject Patent Rights with respect to any use, modification or distribution of SELinux software that is permitted by, and is in compliance with, the terms and conditions of Version 2 of the GNU Public License (the "GPL")."

    This is a catch-22. If they're already not in compliance with the GPL due to patent restrictions simply existing on their code, then according to this statement, they may very WELL assert the Subject Patent Rights. This whole clause is a sneakily worded contradiction of realities.

    3. SELinux Limitation section.
    "... However, Secure Computing does not extend the Assurance to software that merely interoperates with SELinux, or is merely included with a distribution of SELinux."

    Translation: Unless they specifically _say_ your code may use their patented methods, forget it. The very nature of distributions is that the kernel is married with a distro's specific patches, custom scripts, custom installer, and a whole bunch of applications are "merely included".

    4. Subject Patent Rights Limitation section.
    "... Secure Computing does not waive, modify or release any of the Subject Patent Rights, or any other right in the Subject Patents, except as expressly provided in this statement of Assurance. ..."

    (Which we're already seeing is "effectively nothing") This section goes on to say that Secure Computing reserves the right to assert their Subject Patent Rights with respect to anything remotely useful regarding security applications that you might want to use their patented software for!

    5. No Third Party Restrictions section.
    Just go read it. If we sell it, you're screwed.

    6. Other Patents section. Again, go read it. We may have other Patent landmines related to SELinux. Here's your blindfold, now go play hopscotch in that legal minefield over there.

    7. No Licence section.
    "No license is granted in this Statement of Assurance with respect to the Subject Patents, or any other patent or intellectual property right, or software or other product."

    Then what exactly am I assured of, other than "We have Patents, we have rights, and they remain ours" ?

    8. Limited Assurance section.
    More legal handwaving and Covering of asses.

    This whole document ranks right up there with "The check is in the mail", "I'm here from the government to help you", and other infamous promises made just before you get screwed over.

    • 2. Non-Assertion section. (...) This is a catch-22.

      Are you sure? The respective paragraph of the GPL reads:

      7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.

      So, if you are explicitly told that this patent will not be enforced with respect to GPL software, there should not be any problems...

      Of course, the question remains whether the assertion might be revoked some time.


  • If a GPLed project includes any patented code, then, under the GPL, I can take just the code from the project pertaining to the patent, create a derived work, sell it, and become rich. It is inconceivable that the company owning the patent would not sue me. Therefore, if they release patented code in a GPL project, they better give a royalty-free license to everyone.
    • by SurfsUp ( 11523 ) on Saturday July 27, 2002 @09:40AM (#3964129)
      (Further to my previous post) Quoting from the preamble of the GPL [mit.edu]:

      Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all.

      Now you think that would be pretty clearcut, wouldn't you? Nonetheless, in the case of RTLinux, RMS did publicly state the patent holder could enforce his patent against users of non-GPL applications running under a modified Linux system containing code subject to the patent, without violating the GPL. Go figure. That doesn't sound like 'everyone's free use'.

      In the case of the RTLinux patent, luckily a workaround was found, which is even superior to the patented method, so the question of whether the patent holder really was violating the GPL became moot. But, not too surprisingly, here is almost the same thing come up again. RMS needs to take a position.
      • by Anonymous Coward
        There is what RMS intended, what people think he intended, and what he actually wrote. The three do not always meet. (The second one most often disagrees with the other two.)

        RMS wrote the license. Having written it, he is free to state how he interprets what he wrote. Barring courts ruling on it, his interpretations have considerable weight. But only if they are reasonable as interpretations of what he wrote. For him to say that his license says what it does not (that a patent licensed for GPLed use has to be licensed for anyone's use) would be a lie and useless.

        That said, the question becomes whether he disagrees with his license, and whether either of them disagree with your understanding of what he meant. I submit that he agrees with his license. The freedom to write GPLed versions of software - which can then become available for anyone's free use - is exactly what he wants to encourage. Your inability to write software that denies others their freedom to use it doesn't matter to him.

        Remember. The GPL is designed to encourage widespread use of the GPL, which in turn is meant to push RMS' social philosophy. It is coincidentally useful for a lot of people who disagree with RMS' beliefs. But the fact that it does not satisfy those people in all the ways that they would like to be satisfied is not a failing of the GPL, and is not a problem for RMS.
        • The freedom to write GPLed versions of software - which can then become available for anyone's free use - is exactly what he wants to encourage. Your inability to write software that denies others their freedom to use it doesn't matter to him.

          Hi Victor,

          What he would like to encourage and what the license says are different things. The GPL states quite plainly: "we have made it clear that any patent must be licensed for everyone's free use or not licensed at all." No qualifications. In particular, nothing remotely like "for everybody's free use so long as all the software they use is GPL".
  • by Anonymous Coward
    Are the patents valid anywhere except the US ?

  • Did they write their whole distribution?

    If not, then aren't they distributing GPL code written by others as a part of an assemblage that does not grant to others the right to freely modify and redistribute it?

    Are they claiming that none of the patented code is linked?

    Or is this just total FUD?

    Whatever the answer to any of these, this is one company that deserves to die a quick death.
    • Did they write their whole distribution?

      If not, then aren't they distributing GPL code written by others as a part of an assemblage that does not grant to others the right to freely modify and redistribute it?


      Perhaps they think that they can freely give the right to modify and redistribute the software, while imposing restrictions on the right to use it. Come to think of it, there's very little said in the GPL about the use of a program, versus distribution of it. Perhaps distribution means 'distribution for use', but I don't see that clearly stated.
    • by Hoxworth ( 570683 )
      SELinux is not a distribution; it is rather a series of patches and utilities to the Red Hat 7.2 distribution. The National Security Agency cleary states that certain sections of the patches may or may not fall under the terms and conditions of the GPL, as shown by the following statement from the NSA SELinux website [nsa.gov]:
      "All source code found on this site is released under the same terms and conditions as the original sources. For example, the patches to the Linux kernel, patches to many existing utilities, and new programs and libraries available here are released under the terms and conditions of the GNU General Public License (GPL). The patches to some existing utilities and libraries available here are released under the terms and conditions of the BSD license."
      SELinux uses the idea of Type Enforcement, which is patented by SCC. This is one area that would not fall under the GPL, but SCC is deciding to ignore that fact for the time being.
    • Or is this just total FUD?

      I think so. I'm not a lawyer, but the patents appear to discuss hardware, not software. Would they apply to SELinux in that case?

      Of course, whether a patent is ultimately enforcable has little to do with anything--if you can cost someone millions of bucks in litigation, that has to be taken as a pretty realistic threat.

  • It seems to me that the main problem with this statement of assurance is not its interplay with the GPL, but the fact that there is nothing keeping the company from issuing a new, perhapst totally modified statement sometime later.

    So, could anyone with a legal background please comment - is this letter in any way binding to Secure Computing?
  • Why do I have a feeling, it was the other division of the NSA that made this possible. e.g. Perhaps the, umm, *hardware* division of the NSA *talked* with a certain someone, who then, spontaneously decided to do exactly what the NSA guys suggested.

    See also:
    Some guys from the mafia visited with me today. On a completely unrelated note, I've decided to switch ro another trucking firm that charges 3 times as much.
  • by Russell Coker ( 125579 ) <<russell> <at> <coker.com.au>> on Saturday July 27, 2002 @12:14PM (#3964596) Homepage
    Here's what Alan had to say on the matter:
    The assurance simply says you cannot use it. Using it for authorization
    for applications, or services is excluded. That makes it useless
    He seems to like it less than I do.

    Oh well, it'll be good if this goes to court, having
    the NSA (represented by the Justice Department)
    defending the GPL would set a good precedent.

  • To ensure that Secure Computing Corp continues to receive funding and win contracts with the U.S. military and intelligence agencies we have decided to bow down to the Puzzle Palace's (NSA) goal of providing a freely available SELinux distribution.

    We promise will not attempt to sue to world's largest black budget organization, and is the government agency with the fewest publicly available details (part of mandate in E.O. 12333 [cia.gov] is classified).

    We fear their black helicopters.
  • One of two things can happen here: either the gov't (in the form of the NSA) can buy the patents in some way or another, or we can just wait around until Secure Computing realizes that few will adopt SELinux, and Secure Computing may get sued for GPL violation if they attempt to sell restrictive licenses.

  • I'm not an attorney but when someone attempts to enforce a patent they must show contribution to the work. In the case of this patent the NSA did all the genuine work and further released the details of this work publicly which means that SELinux would lose any lawsuit. The patent is entirely worthless and doesn't change anything. I can threaten to sue somebody just as easily with a valid or an invalid patent but if I can't win the case the threat is nothing but hot air.
    • You should hang around attorneys a little more. The threat of litigation is an effective tool. If one doesn't have or want to spend the money to defend oneself, the patent isn't worthless. Note the battle over the Gemstar EPG patents.
  • Pretty much nobody in the USA is at all likely to develop anything based on SELinux.

Reality must take precedence over public relations, for Mother Nature cannot be fooled. -- R.P. Feynman

Working...